System and method for a routing device to securely share network data with a host utilizing a hardware firewall

ABSTRACT

A system and method for providing the ability to selectively share data in a network routing device with an associated host. The system and method employs a hardware firewall in the routing device which restricts the host such that it can only access areas in shared memory which contain data destined for the host. The routing device CPU notifies the host of pending data and the location of that data in the shared memory. The hardware firewall is also notified of the location in shared memory which the host may access. When the host attempts to read the data, the firewall ensures that only the stated memory area or areas are accessed by the host. Once the data has been read by the host, the firewall is notified to cancel the host's ability to access the shared memory until such time as a new packet destined for the host arrives in the routing device.

[0001] This application claims the benefit of U.S. Provisional Patent Application No. 60/378,055 entitled “A System And Method For A Routing Device To Securely Share Network Data With A Host Utilizing A Hardware Firewall”, filed May 16, 2002, the entire contents of which being incorporated herein by reference.

BACKGROUND OF THE INVENTION

[0002] 1. Field of the Invention

[0003] The present invention relates to a system and method for selectively sharing data contained in a network routing device with an associated host device. More particularly, the invention relates to a system and method for enabling routing device hardware to provide selective access by a host device to shared memory within the routing device, thus restricting the host's ability to access data not intended for use by the host.

[0004] 2. Description of the Related Art

[0005] In recent years, a type of mobile communications network known as an “ad-hoc” network has been developed. In this type of network, each user terminal is capable of operating as a base station or router for other mobile nodes, thus eliminating the need for a fixed infrastructure of base stations. Accordingly, data packets being sent from a source mobile node to a destination mobile node are typically routed through a number of intermediate mobile nodes before reaching the destination node.

[0006] More sophisticated ad-hoc networks are also being developed which, in addition to enabling mobile nodes to communicate with each other as in a conventional ad-hoc network, further enable the mobile nodes to access a fixed network and communicate with other types of user terminals, such as those on the public switched telephone network (PSTN) and on other networks, such as the Internet. Details of these types of ad-hoc networks are described in U.S. patent application Ser. No. 09/897,790 entitled “Ad Hoc Peer-to-Peer Mobile Radio Access System Interfaced to the PSTN and Cellular Networks”, filed on Jun. 29, 2001, in U.S. patent application Ser. No. 09/815,157 entitled “Time Division Protocol for an Ad-Hoc, Peer-to-Peer Radio Network Having Coordinating Channel Access to Shared Parallel Data Channels with Separate Reservation Channel”, filed on Mar. 22, 2001, and in U.S. patent application Ser. No. 09/815,164 entitled “Prioritized-Routing for an Ad-Hoc, Peer-to-Peer, Mobile Radio Access System”, filed on Mar. 22, 2001, the entire content of each being incorporated herein by reference.

[0007] Generally, all nodes in a wireless ad-hoc peer-to-peer network provide similar core services and functionality, although their specific functionality can depend on their intended purposes, such as use as an access point, fixed router or mobile terminal. Although each node can provide similar services, the workload is typically distributed across many nodes rather than centralized at a single location in the peer-to-peer network. Therefore peer-to-peer networks distinguish themselves from infrastructure networks where one or more nodes offer a superset of the functionality of the rest of the network. Infrastructure nodes in these networks typically can handle Dynamic Host Configuration Protocol (DHCP), Address Resolution Protocol (ARP), as well as other services that depend on broadcast traffic. Dynamic Host Configuration Protocol is defined by IETF RFC 2131 and 2132, which are incorporated herein by reference, and is used by a client node to automatically obtain network settings from a central server. These network settings include the client's IP address, the address of Domain Name Servers (DNS), the IP address of default gateways, and many other network settings. Address Resolution Protocol is defined by STD 0037 and RFC 0826, which are incorporated herein by reference, and is used by a network node to map IP addresses to MAC addresses so IP traffic can be delivered to specific hardware. Such infrastructure nodes are normally discovered by broadcast traffic advertisements from their client nodes in a network.

[0008] As can be appreciated by one skilled in the art, traffic in such networks includes direct and indirect communications, in which nodes can be used as routers while both stationary or mobile. A mobile node typically includes a host, such as a personal computer (PC) or personal digital assistant (PDA), with an attached transceiver and a controller. A mobile node can further include a network interface device coupled to a host device, which allows the host device communication access with the network. The transceiver of the mobile node receives data packets, such as voice, data or multimedia data packets, from other nodes, and the controller determines which data packets are intended for its associated host. If a data packet is intended for the associated host, the host is notified to retrieve the packet. If the packet is not intended for the associated host, the controller determines the next node to which the data packet should be sent based on routing table or similar information, and controls the transceiver of the mobile node to send the data packet to the next node.

[0009] In traditional networks where the user nodes do not re-route traffic, the network interface device will inspect an incoming packet header and store packet data only if it is destined for the host device associated with the network interface device. Therefore, the host never has the opportunity to examine data which is intended for other devices. However, once a device is required to reroute packets to a destination device other than the associated host as in an ad-hoc network, all packets must be captured and evaluated by the routing device. Once a packet is captured by a network interface device, it then may become susceptible to unauthorized access by the associated host device.

[0010] However, the ability to selectively share data between a routing device and an associated host, such as a personal computer, is necessary in a wireless ad-hoc network. This allows a subscriber to have an access point for extracting or sending data through the network. Because the vast majority of routing resources or nodes that exist in a multihopping, ad-hoc network each route data that is not intended for its associated host, precautions must be taken to ensure that only data intended for the node's associated host can be extracted from the routing device in the node. However, many of the methods for achieving this are either inefficient in their ability to route data, require use of multiple memories, or are insecure.

[0011] Accordingly, a need exists for a system and method for protecting data traveling through a network by ensuring that a host device may only access data that was intended for access by that host device.

SUMMARY OF THE INVENTION

[0012] An object of the present invention is to provide a system and method for restricting a host device from accessing network data which is not intended for host access.

[0013] Another object of the present invention is to provide a hardware implemented firewall internal to a routing device in a communication network, such as an ad-hoc network, to prevent unauthorized access by a host device to data stored in shared memory on the routing device.

[0014] A further object of the present invention is to restrict host access to the shared memory such that there may be no access, access to a single area, or access to multiple areas in the shared memory when required.

[0015] Another objective of the present invention is to disallow host access to the shared memory once the host has retrieved the data it is permitted to retrieve.

[0016] These and other objects are substantially achieved by providing a system and method to securely share data between a routing device and an associated host by utilizing a hardware firewall which restricts the host's access to a shared memory area on the routing device. The system and method employs a hardware firewall in the routing device which restricts the host such that it can only access areas in shared memory which contain data destined for the host. The routing device CPU notifies the host of pending data and the location of that data in the shared memory. The hardware firewall is also notified of the location in shared memory which the host may access. When the host attempts to read the data, the firewall ensures that only the stated memory area or areas are accessed by the host. Once the data has been read by the host, the firewall is notified to cancel the host's ability to access the shared memory until such time as a new packet destined for the host arrives in the routing device.

BRIEF DESCRIPTION OF THE DRAWINGS

[0017] These and other objects, advantages and novel features of the invention will be more readily appreciated from the following detailed description when read in conjunction with the accompanying drawings, in which:

[0018] FIG. 1 is a conceptual block diagram of an example of an ad-hoc wireless communications network including a plurality of nodes employing an embodiment of the present invention;

[0019] FIG. 2 is a conceptual block diagram of an example of components of a wireless node as shown in FIG. 1, including firewall hardware elements in accordance with an embodiment of the present invention; and

[0020] FIG. 3 is a flow diagram illustrating an example of the logic of a secure data transaction from the routing device of a node as shown in FIGS. 1 and 2 to the host associated with that routing device in accordance with an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0021] FIG. 1 is a block diagram illustrating an example of an ad-hoc packet-switched wireless communications network 10 employing an embodiment of the present invention. Specifically, the network 10 includes a plurality of mobile wireless user terminals 102-1 through 102-n (referred to generally as nodes or mobile nodes 102), and a fixed network 104 having a plurality of access points 106-1, 106-2, . . . 106-n (referred to generally as nodes or access points 106), for providing the nodes 102 with access to the fixed network 104. The fixed network 104 includes, for example, a core local access network (LAN), and a plurality of servers and gateway routers, to provide the nodes 102 with access to other networks, such as other ad-hoc networks, the public switched telephone network (PSTN) and the Internet.

[0022] The network 10 further includes a plurality of fixed routers 107-1 through 107-n (referred to generally as nodes or fixed routers 107) for routing data packets between other nodes 102, 106 or 107. As can be appreciated by one skilled in the art, the nodes 102, 106 and 107 are capable of communicating directly with each other, or via one or more other nodes operating as routers for data packets being sent between nodes, as described in U.S. Pat. No. 5,943,322 to Mayor and in U.S. patent application Ser. Nos. 09/897,790 and 09/815,157, referenced above. The data packets can include voice, data or multimedia.

[0023] Specifically, as shown in FIG. 2, any of the nodes 102, 106 or 107 and, in particular, each mobile node 102, includes a routing device 1000 and a host device 100. The host 100 is typically a personal computer (PC) or personal digital assistant (PDA), used by a subscriber to gain access to the network 10 shown in FIG. 1, but can be any number of devices, such as a notebook computer terminal, mobile telephone unit, mobile data unit, or any other suitable device. In this example, routing device 1000 includes two external interfaces. The host interface 200 allows a host device 100 and the routing device 1000 to communicate. The radio frequency (RF) interface 910 allows the RF signal 920 to be either received by or transmitted from the routing device 1000. The embodiment shown in FIG. 2 utilizes an RF signal as the medium in the physical layer, as defined in the OSI model, ISO/IEC 7498-1 (1994), the entire contents being incorporated herein by reference. However, any type of medium, such as infrared, fiber optics, or wire, could be used by the physical layer to send the data packets between the nodes 102, 106 and 107.

[0024] As further shown in FIG. 3, the routing device 1000 of FIG. 3 includes an internal hardware firewall 300, a mailbox 400, a packet buffer 500, a routing device CPU 600, a modem interconnect bus 700, a baseband modem 800 and an RF section 900. The hardware firewall 300 provides selective read and write access to the packet buffer 500 by the host 100. The configuration and control of the hardware firewall 300 is controlled solely by the routing device CPU 600 in this example.

[0025] The mailbox 400 of the routing device 1000 in FIG. 3 provides a common set of registers, shared by the host 100 and routing device CPU 600, which are used to exchange small amounts of data and messages. The packet buffer 500 of the routing device 1000 is a memory device also shared by the routing device CPU 600 and the host 100. The routing device CPU 600 includes a processor capable of executing instructions that control the functions of the modem 800, execute routing algorithms, and perform data movement transactions. The CPU 600 and modem 800 also include the appropriate hardware and software to provide IP, ARP, admission control (AC), traffic control (TC), ad-hoc routing (AHR), logic link control (LLC) and media access control (MAC). The transceiver 110 further includes the appropriate hardware and software for IAP association (IA), UDP, simple network management protocol (SNMP), data link (DL) protocol and dynamic host configuration protocol (DHCP) relaying.

[0026] The modem interconnect bus 700 of the routing device 1000 in FIG. 3 is used to interconnect the elements of the modem transceiver. Further details of an example of this type of bus are described in U.S. patent application Ser. No. 09/948,159 entitled “Multi-Master Bus Architecture for System-On-Chip Designs” filed on Sep. 6, 2001, the entire content being incorporated herein by reference.

[0027] The baseband modem 800 of the routing device 1000 in FIG. 3 modulates the outgoing signals to analog format, and demodulates incoming signals to digital format. The RF section 900 upconverts the modulated baseband signal for RF propagation and downconverts the received RF signal for demodulation by the modem 800, and the RF signal 920 provides the physical layer for communicating between routing devices in the nodes 102, 106 and 107.

[0028] In FIG. 3, a flow diagram illustrating an example of the logic of a secure data transaction from the routing device 1000 to the host 100 in accordance with an embodiment of the present invention is shown. In step 1010 shown in FIG. 3, data received at the routing device 1000 is transferred from the physical layer, such as an RF signal sent from another node 102, 106 or 107, to the modem 800 where it is converted to digital format. In the embodiment shown in FIG. 3, an RF signal is used as the medium in the physical layer, however as pointed out above, any type of medium could be used by the physical layer, such as infrared, fiber optics, or wire.

[0029] In step 1020, the digital format packet is transferred from the baseband modem 800 to the packet buffer 500 by the routing device CPU 600. In step 1030, the routing device CPU 600 determines if the local host 100 needs access to the data, and then notifies the hardware firewall 300 of the specific packet buffer 500 area which the host 100 is to be allowed access. If the packet is not destined for the associated host 100, the host is not notified of the new packet.

[0030] In step 1040, the routing device CPU 600 places the address range of the data to be delivered to the host 100 in the mailbox 400 and then signals the host 100 to retrieve the message from the mailbox. In step 1050, the host 100 reads the message in the mailbox 400 and discovers what part of the packet buffer 500 it is to access, and in step 1060, the host 100 reads the data in the designated area of the packet buffer 500.

[0031] The hardware firewall 300 ensures that only the designated area is accessed by the host 100. In Block 1070 the host 100 writes a message to the mailbox 400 indicating that the read action has been completed and signals the routing device CPU 600. Finally, in Block 1080, the routing device CPU 600 notifies the hardware firewall 300 that the host 100 no longer has access to the designated area of the packet buffer 500.
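The following is an added example, not code from the patent or from its applicant, modelling the transaction of steps 1020 through 1080 in C: the routing-device CPU stores a packet in the shared packet buffer, opens a firewall window only when the packet is for the host, posts the address range in the mailbox, and revokes the window once the host reports completion. Every host read is checked against the open windows, so a read that starts outside a window, straddles its end, or arrives after revocation returns nothing. The buffer size, the number of windows (the model allows several, matching the multiple-window configuration the description mentions), the mailbox register layout and all function names are assumptions made for illustration; the packet bytes are constructed.

```c
/* Added example (not part of the patent): C model of hardware firewall 300,
 * mailbox 400 and packet buffer 500 performing steps 1020-1080.
 * Sizes, register layout and names are assumptions for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PACKET_BUFFER_SIZE 1024u  /* assumed size of packet buffer 500 */
#define MAX_WINDOWS 4             /* assumed number of firewall windows */

/* One host-access window [start, end) in the packet buffer. */
struct fw_window { uint32_t start, end; int open; };

/* Hardware firewall 300: written only by the routing-device CPU 600. */
struct hw_firewall { struct fw_window win[MAX_WINDOWS]; };

/* Mailbox 400: registers shared by CPU and host for short messages. */
struct mailbox { uint32_t start, len; int host_signalled, host_done; };

static uint8_t packet_buffer[PACKET_BUFFER_SIZE];  /* packet buffer 500 */
static struct hw_firewall firewall;
static struct mailbox mailbox;

/* Firewall check: is every byte of [addr, addr+len) inside one open window? */
int fw_host_may_read(const struct hw_firewall *fw, uint32_t addr, uint32_t len) {
    for (int i = 0; i < MAX_WINDOWS; i++) {
        const struct fw_window *w = &fw->win[i];
        if (w->open && addr >= w->start && addr < w->end && len <= w->end - addr)
            return 1;
    }
    return 0;
}

/* CPU side, step 1030: open a window for the host. Returns 0 on failure. */
int fw_open_window(struct hw_firewall *fw, uint32_t start, uint32_t len) {
    if (start >= PACKET_BUFFER_SIZE || len > PACKET_BUFFER_SIZE - start) return 0;
    for (int i = 0; i < MAX_WINDOWS; i++) {
        if (!fw->win[i].open) {
            fw->win[i] = (struct fw_window){ start, start + len, 1 };
            return 1;
        }
    }
    return 0;  /* no free window register */
}

/* CPU side, step 1080: revoke all host access to the packet buffer. */
void fw_close_all(struct hw_firewall *fw) { memset(fw, 0, sizeof *fw); }

/* CPU side, step 1020: a demodulated packet is placed in the packet buffer. */
int cpu_store_packet(uint32_t start, const uint8_t *pkt, uint32_t len) {
    if (start >= PACKET_BUFFER_SIZE || len > PACKET_BUFFER_SIZE - start) return 0;
    memcpy(&packet_buffer[start], pkt, len);
    return 1;
}

/* CPU side, steps 1030-1040: only when the packet is for the host, open the
 * window and post the address range in the mailbox; otherwise stay silent. */
int cpu_deliver(uint32_t start, uint32_t len, int for_host) {
    if (!for_host) return 0;                 /* host is never notified */
    if (!fw_open_window(&firewall, start, len)) return 0;
    mailbox.start = start; mailbox.len = len;
    mailbox.host_done = 0; mailbox.host_signalled = 1;
    return 1;
}

/* Host side, steps 1050-1060: every read passes through the firewall.
 * Returns bytes copied, or 0 if any byte lies outside an open window. */
size_t host_read(uint32_t addr, uint8_t *out, size_t len) {
    if (len > UINT32_MAX || !fw_host_may_read(&firewall, addr, (uint32_t)len)) return 0;
    memcpy(out, &packet_buffer[addr], len);
    return len;
}

/* Host side, step 1070 (completion message), then CPU side, step 1080. */
void host_complete(void) {
    mailbox.host_done = 1; mailbox.host_signalled = 0;
    fw_close_all(&firewall);
}

/* Scenario returning a bit mask of outcomes: bit0 host read its packet intact,
 * bit1 read outside window refused, bit2 read straddling window end refused,
 * bit3 access gone after completion, bit4 packet not for host never readable. */
int demo(void) {
    static const uint8_t pkt[16] = { 0xAA, 0xBB, 0xCC, 0xDD, 1, 2, 3, 4,
                                     5, 6, 7, 8, 9, 10, 11, 12 };  /* constructed */
    uint8_t out[16];
    int mask = 0;
    fw_close_all(&firewall);
    cpu_store_packet(64, pkt, 16);
    cpu_deliver(64, 16, 1);                          /* packet is for the host */
    if (host_read(64, out, 16) == 16 && memcmp(out, pkt, 16) == 0) mask |= 1;
    if (host_read(0, out, 16) == 0)  mask |= 2;      /* starts outside window */
    if (host_read(72, out, 16) == 0) mask |= 4;      /* runs past window end */
    host_complete();
    if (host_read(64, out, 16) == 0) mask |= 8;      /* window revoked */
    cpu_store_packet(128, pkt, 16);
    cpu_deliver(128, 16, 0);                         /* transit packet, not for host */
    if (host_read(128, out, 1) == 0) mask |= 16;
    return mask;                                     /* 31 when all checks pass */
}

int main(void) {
    printf("firewall model outcome mask: %d (expect 31)\n", demo());
    return demo() == 31 ? 0 : 1;
}
```

The point the model makes is that the host never learns of, and cannot read, a transit packet at all: with no open window the firewall rejects every address, and the mailbox is only written for packets the CPU has decided are for the host.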

[0032] The embodiment of the present invention described provides a single memory resource that is utilized by the routing device and the associated host. Since each routing device in the network must temporarily store data in a memory for either access by the host or retransmission to another routing resource or destination, a common memory is used. The use of a shared memory resource, such as a “packet buffer” 500, has the advantage of reducing the number of separate memories required to store data and reduces the number of transactions that a processor must perform in order to transfer data to its intended destination.

[0033] The embodiment described above provides selective access by the host to the shared memory or “packet buffer” 500 on the routing device 1000. The selective access by the host is implemented solely by hardware in the routing device such that no security protocol or encryption is required to protect data not intended to be accessed by the host. Host access to the packet buffer can be configured to allow multiple windows of different memory ranges, or alternatively, host access to the packet buffer can be eliminated entirely. Additionally, the embodiment includes a mechanism to communicate to the host which areas it is allowed to access in the packet buffer.

[0034] Furthermore, data movement is minimized between memories because the host 100 and routing device CPU 600 have direct access to the shared packet buffer 500. By securely using a single shared memory, cost is minimized and data transfer efficiency is maximized in the routing device while maintaining the integrity of the network data. Furthermore, by implementing the firewall 300 in the routing device hardware, it is not susceptible to hacking from the host computer 100.

[0035] Although network routers and bridges reroute network traffic, they typically do not have associated hosts. While the security issues addressed by the embodiment of the present invention described above could potentially apply to any communications device with an associated host, they specifically apply to devices which support multi-hopping. The embodiment of the present invention described above restricts a host from reading data not intended for it; however, it does not deal with restrictions on the ability of the host to write data to the routing device.

[0036] Although only a few exemplary embodiments of the present invention have been described in detail above, those skilled in the art will readily appreciate that many modifications are possible in the exemplary embodiments without materially departing from the novel teachings and advantages of this invention. Accordingly, all such modifications are intended to be included within the scope of this invention as defined.

What is claimed is:
 1. A node, for use in a wireless ad-hoc communications network, and being adapted to transmit and receive data packets to and from other nodes in said wireless ad-hoc network and to restrict access by an associated host device to said data packets destined for other nodes in said wireless ad-hoc network, said node comprising: an internal hardware firewall, adapted to provide selective read and write access by an associated host device to at least one of a packet buffer and a register mailbox; and a controller, adapted to configure said internal hardware firewall to provide said selective read and write access.
 2. A node as claimed in claim 1, further comprising: a memory, including said register mailbox and said packet buffer which has a plurality of addresses, and being adapted to provide a common set of registers to said associated host device and said controller.
 3. A node as claimed in claim 1, further comprising: a modem, adapted to modulate an outgoing signal into an analog format, and demodulate an incoming signal into a digital format packet; and wherein said controller is further adapted to direct modem control functions to demodulate an incoming signal into a digital format packet.
 4. A node as claimed in claim 1, wherein: said controller is further adapted to direct routing functions to transfer a digital format packet from said modem to an address range of said packet buffer.
 5. A node as claimed in claim 1, wherein: said controller is further adapted to determine if said associated host device requires access to said incoming signal digital format packet and in response, to configure said internal hardware firewall to allow said associated host device access to said register mailbox via a host interface.
 6. A node as claimed in claim 1, wherein: said controller is further adapted to determine an address range in said packet buffer which contains said digital format packet and to place a message containing said address range in said register mailbox, and to signal said associated host device to access said register mailbox to retrieve said message.
 7. A node as claimed in claim 1, wherein: said controller is further adapted to configure said internal hardware firewall to allow said associated host device to access said address range of said packet buffer.
 8. A node as claimed in claim 1, wherein: said controller is further adapted to retrieve a completion reply from said associated host device and, in response, to configure said internal hardware firewall to prohibit said associated host device to access said register mailbox and said packet buffer.
 9. A method of transmitting and receiving data packets to and from a node in a wireless ad-hoc network and restricting access by an associated host device to received data packets destined for other nodes in said wireless ad-hoc network, the method comprising: controlling an internal hardware firewall at said node to provide selective read and write access by an associated host device to at least one of a packet buffer and a register mailbox; and controlling a router device central processing unit (CPU) to configure said internal hardware firewall to provide said selective read and write access.
 10. A method as claimed in claim 9, further comprising: controlling said CPU to control a memory, including said register mailbox and said packet buffer which has a plurality of addresses, to provide a common set of registers to said associated host device and said controller.
 11. A method as claimed in claim 9, further comprising: controlling said CPU to control a modem to modulate an outgoing signal into an analog format, and to demodulate an incoming signal into a digital format packet; and controlling said CPU to direct modem control functions to demodulate an incoming signal into a digital format packet.
 12. A method as claimed in claim 9, further comprising: controlling said CPU to direct routing functions to transfer a digital format packet from said modem to an address range of said packet buffer.
 13. A method as claimed in claim 9, further comprising: controlling said CPU to determine if said associated host device requires access to said incoming signal digital format packet and in response, to configure said internal hardware firewall to allow said associated host device access to said register mailbox via a host interface.
 14. A method as claimed in claim 9, further comprising: controlling said CPU to determine an address range in said packet buffer which contains said digital format packet and to place a message containing said address range in said register mailbox, and to signal said associated host device to access said register mailbox to retrieve said message.
 15. A method as claimed in claim 9, further comprising: controlling said CPU to configure said internal hardware firewall to allow said associated host device to access said address range of said packet buffer.
 16. A method as claimed in claim 9, further comprising: controlling said CPU to retrieve a completion reply from said associated host device and in response, to configure said internal hardware firewall to prohibit said associated host device to access said register mailbox and said packet buffer.
 17. A computer-readable medium of instructions for controlling a node in a wireless ad-hoc communications network to perform access restriction of an associated host device to data packets destined for other nodes, said node being adapted to transmit and receive data packets to and from other nodes in said wireless ad-hoc network, said computer-readable medium of instructions comprising: a first set of instructions, adapted to control an internal hardware firewall at said node to provide selective read and write access by an associated host device to at least one of a packet buffer and a register mailbox; and a second set of instructions, adapted to control a router device central processing unit (CPU) to configure said internal hardware firewall to provide said selective read and write access.
 18. A computer-readable medium of instructions as claimed in claim 17, wherein: said second set of instructions is adapted to control a memory, including said register mailbox and said packet buffer which has a plurality of addresses, to provide a common set of registers to said associated host device and said controller.
 19. A computer-readable medium of instructions as claimed in claim 17, wherein: said second set of instructions is adapted to control a modem to modulate an outgoing signal into an analog format, and to demodulate an incoming signal into a digital format packet; and wherein said second set of instructions is further adapted to direct modem control functions to demodulate an incoming signal into a digital format packet.
 20. A computer-readable medium of instructions as claimed in claim 17, wherein: said second set of instructions is adapted to direct routing functions to transfer a digital format packet from said modem to an address range of said packet buffer.
 21. A computer-readable medium of instructions as claimed in claim 17, wherein: said second set of instructions is adapted to determine if said associated host device requires access to said incoming signal digital format packet and in response, to configure said internal hardware firewall to allow said associated host device access to said register mailbox via a host interface.
 22. A computer-readable medium of instructions as claimed in claim 17, wherein: said second set of instructions is adapted to determine an address range in said packet buffer which contains said digital format packet and to place a message containing said address range in said register mailbox, and to signal said associated host device to access said register mailbox to retrieve said message.
 23. A computer-readable medium of instructions as claimed in claim 17, wherein: said second set of instructions is adapted to configure said internal hardware firewall to allow said associated host device to access said address range of said packet buffer.
 24. A computer-readable medium of instructions as claimed in claim 17, wherein: said second set of instructions is adapted to retrieve a completion reply from said associated host device and in response, to configure said internal hardware firewall to prohibit said associated host device to access said register mailbox and said packet buffer.